The fact that some of you are putting the blame on instance owners/moderators is just showing that you have about the same amount of brain rot as the people actually posting this vile trash
Right. This is a community effort, and it’s important we support our instances and figure out how to best keep them safe.
Honestly, my first thoughts were that reddit had probably funded some blackhats to sabotage shit because they’re still salty. Then, they could have it reported.
Honestly dude if you believe this is true you should speak with a therapist.
Ignore these people telling you that you’re being too paranoid. I assumed the same about the series of DDoS attacks that lemmy.world experienced in the last few months. Reddit admins trying to undercut lemmy’s growing popularity “by any means necessary” is perfectly logical. DDoS followed by content attacks even follows Reddit’s own struggles over the years.
I’m a bit confused, how does locking down a single community help?
Are the spammers really just focusing on one community instead of switching to the next after it gets banned?
I do hope there is an IP ban option, so someone can’t just use the same IP again to create an account on another instance and post CSAM from there. Obviously I do know about VPNs, but it makes it a tiny bit more difficult to spam in large amounts.
Most people don’t have static IP addresses, so banning their IP will only stop them temporarily. Then whoever gets that dynamic IP address next will be banned too. Then there’s CGNAT where 1 IP address can have up to 128 people using it at once and the address changes even more frequently.
We’re talking about temporary bans here, which do work against spam. Private users do have dynamic IPs, but at home I think I’ve had the same IP for years. They don’t wildly switch them around.
On second thought the IP is probably not federated though, so if there isn’t a common IP block list which instances subscribe to it won’t work.
These comments so far stink, yall are something else.
OK, I am going to take a minute away from the shit stirring and potentially provide some insight speaking as an admin who’s had the misfortune of dealing with this so I can maybe shift this comment section into an actually meaningful discussion.
You can have your own opinion and feelings against lemmy.world but, this?
The only thing that could have prevented this is better moderation tools. And while a lot of the instance admins have been asking for this, it doesn’t seem to be on the developers roadmap for the time being. There are just two full-time developers on this project and they seem to have other priorities. No offense to them but it doesn’t inspire much faith for the future of Lemmy.
This is correct. Most lemmy admins likely agree as well, I don’t speak for anyone but myself but I can say that I think it would be hard to find someone who disagreed. What happened today is a result of a catastrophic failure on lemmys end, with issues that should have been addressed over a month ago just being completely ignored. The lemmy devs shared a roadmap during their AMA & they essentially were more concerned with making shit go faster… that’s about it.
Is there not some way to involve the authorities? I feel like FBI/CIA or other foreign agencies would love to track down whoever is distributing. Like set up some sort of honeypot instance to catch them
They probably connect using tor. Not much you can do with that information (without effort far exceeding the value of one CP spammer).
Doesn’t the NSA run half of all Tor exit nodes?
Looks like some CSAM fuzzy hashing would go a long way to catch someone trying to submit that kind of content if each uploaded image is scanned.
https://blog.cloudflare.com/the-csam-scanning-tool/
Not saying to go with CloudFlare (just showing how the detection works overall), but some kind of builtin detection system coded into Lemmy that grabs an updated hash table periodically
Not a bad idea, but I was working on a project once that would support user uploaded images and looked into PhotoDNA, but it was an incredible pain in the ass to get access to. I’m surprised that someone hasn’t realized that this should just be free and available. Kind of gross that it is put behind an application/paywall, imo. They’re just hashes and a library to generate the hashes. Why shouldn’t that just be open source and available through the NCMEC?
While I understand the move entirely I can’t help but wonder if that might have been the intent of the perpetrators.
Definitely was. It was just a flex of their power. I don’t see any viable solution at the moment though, so going nuclear was the only sane option. When your options are to close a door versus playing an increasingly difficult game of cat and mouse w/ CP posters, most would opt to temporarily shutter their doors I feel.
What is worrying is that any community on lemmy on any instance is vulnerable to this type of attack. This will continue happening again and again until a clear solution, technical or otherwise, can be devised.
I gave my loyalty to Lemmy. I am not going to jump shit because some deranged lunatics decide to troll in the most abhorrent ways. I plan on donating to the project in show of support and I hope others do as well.
I gave my loyalty to Lemmy
This is a weird way to think about a service. You’re not a serf or lord. If the things tanks tomorrow I’m not losing sleep over it.
Let me clarify. I am loyal to Lemmy because they demonstrate a few important things to me. Openness, transparency, and community ownership. I have never used any piece of social media, content aggregation, whatever else, that has given me such confidence and transparency. Lemmy (as a project, not a single instance) has earned my trust because they have actually shown accountability and been open to communication.
Honestly, I think it was destined to happen one way or another because of an open-signups server getting so big. The burggit/vlemmy debacle was the warning shot.
It should jump-start overdue efforts to improve moderation granularity and make it easier for mods to manage users and content.
What was the burggit/vlemmy debacle?
I know that vlemmy suddenly disappeared with no warning.
Can’t speak to Burggit’s place in the saga, but its widely speculated the vlemmy admin found some CSAM in the data storage and shut the whole thing down so as not to be further legally liabile for illegal activity on the server. I’ve seen some people saying admins don’t have to worry about that because of this section of this code of that countries legal doctrine or whatever, but the reality a lot of us face is that law enforcement and prosecutors don’t care how the CSAM got there, or if you knew about it, because its your burden of proof to prove them wrong about that, and they just have to make jurors who don’t know how the tech works think its your hardware, your hosted service, and therefore, your CSAM. The consequences of mishandling or not documenting your actions in regards to CSAM are incredibly dire. You could see yourself permanently sent to prison, and if not, upon your release permanently ostracized in very complex ways that could render you permanently homeless.
I like… Don’t understand the stance that Ruud or VLemmy are overreacting at all. Those are the stakes in some places, including where the majority of instances are hosted. It gives me the read some people don’t care that the admins are just people like you and me hosting these services to make good communities happen. The expectation for some people seems to be just like… “Keep the service up no matter what. I want to view content. if it becomes impossible to host, just sail out into international water. The content must flow”
Is it that hard to not be completely retarded and innapropriate on the internet for these people? Only “viable” alternative to reddit and they have to fuck it up